DATA SECURITY

Global VM Market Sees Strong Growth Due to Rise in Cyber Threats, Finds Frost & Sullivan

Frost & Sullivan | October 07, 2021

Frost & Sullivan's recent analysis on the Global Vulnerability Management Market finds that enterprises are becoming more vulnerable to cyber-attacks as they embrace digital transformation initiatives. This is due to an expanded attack surface resulting from multiple touchpoints through an open network and easy accessibility to databases and applications. An expanded attack surface has triggered the need for greater investments in vulnerability management (VM) solutions. Given this demand, the global VM market is expected to reach $2.51 billion by 2025, expanding at a compound annual growth rate (CAGR) of 16.3%.

From a regional perspective, North America will continue to dominate the VM market over the forecast period. The recent executive order to improve US cybersecurity is one of the main demand drivers in the region. Europe, the Middle East, and Africa (EMEA) will be the second-largest VM market as a result of regulations such as General Data Protection Regulations (GDPR). Finally, the growing significance of cybersecurity among end-users and rapid digital transformation initiatives encourage organizations to embrace VM in APAC and Central and Latin America.

The COVID-19 pandemic and the resulting work-from-home economy have expanded organizations' attack surface. With organizations adjusting to a new mode of business operations, VM capabilities for emerging platforms and applications will gain traction,In addition, as businesses embrace network-attached endpoints, cloud-based applications, and connected devices, the need for managing vulnerabilities in the extended attack surface will surge.

                                                                                                                                                                                                                                                                                                            Swetha R Krishnamoorthi, Senior Industry Analyst, Cybersecurity at Frost & Sullivan

Swetha added: "Organizations' move toward holistic and focused security will encourage vendors to integrate capabilities from upstream, downstream, and alternative applications. Over the next decade, there will also be a likely emergence of an 'integrated security posture assessment tool' that provides end-to-end risk management for enterprises."

Increased threats amid higher numbers of connected devices and regulatory requirements for organizations to perform regular vulnerability scanning and remediation will present lucrative growth prospects for VM vendors, including:
  • Addressing end-to-end vulnerability management workflow through an integrated platform by having an extensive list of integrations that enable an organization to pull in data from different tools and trigger workflows on other platforms from a single pane of glass.
  • Focusing on emerging economies and identifying local distribution partners and value-added resellers to boost expansion initiatives in emerging markets.
  • Leveraging managed security service providers (MSSPs) as a revenue source to expand the customer base by developing a separate pricing model that works well for both MSSPs and customers, ensuring profitability.
  • Expanding asset-type coverage to a non-conventional environment through strategic partnerships or inorganic deals with operational technology security vendors to hasten the acquisition of capabilities and achieve growth.

Global Vulnerability Management Market, Forecast to 2025 is the latest addition to Frost & Sullivan's Information & Communication Technology research and analyses available through the Frost & Sullivan Leadership Council, which helps organizations identify a continuous flow of growth opportunities to succeed in an unpredictable future.

About Frost & Sullivan
For six decades, Frost & Sullivan has been world-renowned for its role in helping investors, corporate leaders and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models, and companies to action, resulting in a continuous flow of growth opportunities to drive future success.

Spotlight

If you have read Verizon’s “2015 Data Breach Investigations Report,” you’ll recall the following notable findings: Advanced attacks often start with phishing emails, and a campaign of just 10 emails will typically yield a greater than 90 percent chance that at least one person will become the criminal’s prey. In 60% of cases, attackers are able to compromise an organization within minutes. 75% of attacks spread from Victim 0 to Victim 1 within one day (24 hours).

Spotlight

If you have read Verizon’s “2015 Data Breach Investigations Report,” you’ll recall the following notable findings: Advanced attacks often start with phishing emails, and a campaign of just 10 emails will typically yield a greater than 90 percent chance that at least one person will become the criminal’s prey. In 60% of cases, attackers are able to compromise an organization within minutes. 75% of attacks spread from Victim 0 to Victim 1 within one day (24 hours).

Related News

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Swimlane Launches First Comprehensive Security Automation Ecosystem for OT Environments

Swimlane | November 15, 2022

Swimlane, the low-code security automation company, today announced the formation of the first operational technology (OT) security automation solution ecosystem tailored to meet the combined OT and IT security requirements within critical infrastructure environments. The Biden Administration designated November as Critical Infrastructure Security and Resilience Month, drawing attention to the need for “fortifying our information technology and cybersecurity across sectors.” As cyber threats grow in frequency and severity, security operations teams within industrial organizations are regularly targeted due to the importance of their systems and infrastructure. Given the limited resources at their disposal, security teams within these organizations are struggling to keep up with rapidly evolving threats. The cybersecurity skills gap poses a particularly difficult challenge for organizations with OT environments due to the unique skill set required to navigate the convergence of OT and IT technologies. This is where modern Security Orchestration, Automation and Response (SOAR) plays an instrumental role. “Our public utilities and critical infrastructure face unique cybersecurity challenges to detect and respond to the convergence of threats targeting their combined OT and IT environments, and cyber-physical systems. “Swimlane is bringing together the best of OT security with our extensible security automation platform to create a robust system of record and control for security operations teams to more quickly process large amounts of security telemetry without needing more resources to defend against breaches.” Cody Cornell Co-founder and Chief Strategy Officer of Swimlane Swimlane’s security automation ecosystem for OT environments currently includes the following: Nozomi Networks for OT and IoT Security: Swimlane and Nozomi Networks, the leader in OT and IoT security, also announced today a technology integration that combines low-code security automation with OT and Internet of Things (IoT) security. The combined solution makes it possible for industrial and critical infrastructure security operations to maintain continuous asset compliance and mitigate the risks of attacks from combined OT and IT entry points. Dataminr Tackles Physical Risk: Swimlane’s integration with Dataminr leverages automated processes to mitigate risks and warn at-risk employees as soon as possible to ensure their safety. The cyber-physical threat response solution saves organizations crucial minutes when connecting with staff members who might be affected by a natural disaster, accident, or social unrest, or other types of physical risk. 1898 & Co. for Managed Threat Detection: 1898 & Co., a preeminent industrial control system (ICS) cybersecurity solutions provider, has selected Swimlane as the core automation platform for their managed threat detection services. These services include the detection of both OT and IT-born threats, machine-speed threat validation and scoring, and rapid remediation of threats using OT response methods. “Security teams chartered with protecting OT environments are struggling to keep pace with emerging threats given their limited resources,” said Joshua Magady, Practice Technical Lead at 1898 & Co. “As cyberattacks on critical infrastructure continue to rise and the cybersecurity skills shortage prevails, we are excited to be working with Swimlane to provide automation solutions that give these important organizations the tools to defend against rising cyber threats effectively.” Working with each technology partner, Swimlane will develop a portfolio of pre-integrated solutions that customers can quickly deploy either through managed services or add to their existing environment. About Swimlane Swimlane is the leader in cloud-scale, low-code security automation. Swimlane unifies security operations in-and-beyond the SOC into a single system of record that helps overcome process and data fatigue, chronic staffing shortages, and quantifying business value. The Swimlane Turbine platform combines human and machine data into actionable intelligence for security leaders.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Keeper Security Launches Upgraded MSP Platform

Keeper Security | September 09, 2022

Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, today released an upgraded KeeperMSP platform that offers robust security and compliance solutions through an expanded portfolio of Keeper zero-trust security capabilities. These new market-leading features will help Managed Service Provider (MSP) partners oversee security and compliance for their customer base in an increasingly challenging threat landscape. The platform enhancements include powerful add-on features and products that offer a broad range of new solutions for MSPs, including: Advanced Reporting & Alerts (ARAM) Module; BreachWatch®; Compliance Reporting; KeeperChat®; Secure File Storage; Keeper Secrets Manager and Keeper Connection Manager. "At Keeper Security, we are committed to providing our MSP partners with the cutting-edge tools they need to achieve robust security and compliance for their internal users and the customers they support. "With the upgrades to KeeperMSP, we are equipping partners with powerful new features that support a zero-trust security model for maximum protection. MSPs can now offer even more Keeper features to their users and managed companies to help detect threats and prevent attacks." Darren Guccione, CEO and co-founder of Keeper Security Security and compliance capabilities included in Keeper's upgraded MSP platform include: Advanced Reporting & Alerts (ARAM) Module, which empowers InfoSec administrators to monitor more than 100 different security and activity-related event types via customizable reports, real-time notifications and seamless integration into any third-party SIEM solution. BreachWatch®, which continuously scans the dark web and receives alerts on compromised passwords to take immediate action for preventing an account takeover attack. Compliance Reporting that provides on-demand visibility of access permissions for the organization's credentials and secrets, and supports audits for Sarbanes Oxley (SOX) and other industry regulations that require access-control monitoring and event auditing. KeeperChat®, which enables secure, ephemeral messaging across employee devices with the world's most secure messaging solution, protecting communications with end-to-end encryption. Secure File Storage that taps into Keeper's zero-knowledge encryption to put secure file storage, retrieval and decryption privileges in the hands of approved users only. Keeper Secrets Manager, which secures your environment and eliminates secrets sprawl by removing hard-coded credentials from your source code, config files and CI/CD systems. Keeper Connection Manager, which provides DevOps and IT teams with effortless access to RDP, SSH and Kubernetes endpoints through a web browser. The upgraded Keeper MSP platform offers new revenue opportunities and competitive differentiation for users. The market-leading, differentiated features and bundling options will help MSPs keep pace in the ever-changing cybersecurity industry. About Keeper Security Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyberattacks, while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password management, secrets management, privileged access, secure remote infrastructure access and encrypted messaging.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Synack Joins the Microsoft Intelligent Security Association, Bringing the Power of Continuous and on Demand Security to Microsoft Azure

Synack | September 13, 2022

Synack, a premier platform for on-demand security expertise, announced that it has joined the Microsoft Intelligent Security Association (MISA) and is available through integration with Microsoft Sentinel, giving enterprises globally seamless access to a worldwide network of top security researchers working around the clock to protect their cloud assets. Becoming part of MISA, an ecosystem of independent software vendors and managed security service providers, builds on a growing collaboration between Synack and Microsoft and is a testament to both organizations' commitment to providing easier, more flexible and scalable cybersecurity solutions. Microsoft Sentinel is a cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution designed to reduce unnecessary friction in the vulnerability remediation process. It also provides early threat detection and rapid response to sophisticated attacks to facilitate shorter resolution times and lower the number of security incidents. "Our integration with Microsoft Sentinel couldn't be more timely and important today as organizations everywhere are scrambling to find enough skilled practitioners to protect them against punishing cyberattacks. We help solve that talent gap with our platform that combines a powerful network of ethical hackers with the most advanced technology. "We look forward to building on this important relationship with Microsoft." Jay Kaplan, Synack's CEO Cyberattacks on cloud environments are expected to increase, putting enterprises and critical infrastructure providers at greater risk of supply chain, ransomware and nation-state attacks. As a result of these threats, the Biden administration has called on organizations to deploy third-party testing "to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors." The Synack integration with Microsoft Sentinel enables customers to respond to this challenge. "Members of MISA integrate their security solutions with Microsoft's security technology to gain more signal, increase visibility and better protect against threats. By extending Microsoft's security capabilities across the ecosystem, we help our shared customers to succeed," said Maria Thomson, Microsoft Intelligent Security Association Lead. "This vibrant security ecosystem is valuable to our shared customer base because it reduces the cost and complexity of integrating disparate security tools." Synack will deliver insights through its Microsoft Sentinel integration, enabling security teams to correlate these findings with Microsoft Sentinel data to gain end-to-end visibility, comprehensively investigate and take action on threats. In addition to the Microsoft Sentinel integration and MISA membership, Synack also recently announced another integration with Microsoft's Security and Compliance for Cloud Infrastructure solution that will further enhance Microsoft Azure protections. ABOUT SYNACK: Synack's premier on-demand security testing platform harnesses a talented, vetted community of security researchers and smart technology to deliver continuous penetration testing and vulnerability management, with actionable results. We are committed to making the world more secure by closing the cybersecurity skills gap, giving organizations on-demand access to the most-trusted security researchers in the world. Headquartered in Silicon Valley with regional teams around the world, Synack protects global banks, federal agencies, DoD classified assets and more than $6 trillion in Fortune 500 and Global 2000 revenue.

Read More